Page 152 - Cyber Defense eMagazine January 2023
Establish ways and means to detect and respond to incidents and develop sound business continuity
and disaster recovery plans. Make certain third-party providers are also secure by conducting an audit of
their security measures or building standards into their contracts with you.
Q #5: Did we conduct a penetration test against our application?
Most security vulnerabilities are not identified until an external party conducts a penetration test. A
penetration test is one of the best ways to identify any significant security issues with an application.
Penetration tests go a step further than a risk assessment by attempting to exploit the weaknesses
identified.
For example, a vulnerability assessment might discover patches are not being updated regularly, leaving
a company vulnerable to attacks. A penetration test would attempt to access the company systems
through unpatched vulnerabilities, enabling the cybersecurity team to shore up any potential risk areas
in advance.
Being Prepared
Any company building a cloud security strategy must comply with the requirements of its industry, but
it is just as important to go beyond required compliance by being prepared ahead of time for any possible
cybersecurity incidents. Put processes in place to detect anomalies and attempted breaches. Exercise
reasonable security measures to anticipate problems. Make sure you have adequate backup and
restoration procedures. If you are unsure about moving forward, get expert help to secure your systems
and protect your customers and staff.
About the Author
Metin Kortak is the Chief Information Security Officer at Rhymetec. Metin
Kortak has been working as the Chief Information Security Officer at
Rhymetec since 2017. He started out his career working in IT Security
and gained extensive knowledge of compliance and data privacy
frameworks such as SOC, ISO 27001, PCI, FedRAMP, NIST 800-53,
GDPR, CCPA, HITRUST and HIPAA.
Metin joined Rhymetec to build the Data Privacy and Compliance as a
service offering, and under his leadership the service offerings have
grown to more than 200 customers and Rhymetec is now a leading SaaS security
service provider in the industry. Metin splits his time between his homes in California and New York City,
and in his free time he enjoys traveling, exercising, and spending quality time with his friends.
Metin can be reached online at https://www.linkedin.com/in/mkortak/ and at his company website
https://rhymetec.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.